Wednesday, September 20, 2006

Windows Update is a great, indispensable tool. With all the threats around the Internet, using a non-updated machine is simply stupid. Yet, it has one huge problem - configurability!!! The configuration options are so limited I don't know whether to cry or to laugh.

I am using a server to run various CPU/memory/time-intensive tasks. Last week I was running a task that was taking 100% CPU for about a day and a half (and it had several more days to run), when suddenly "poof", the server rebooted by itself. I looked at the monitor in the morning, unable to understand why I got the logon screen, when I knew I had this quite heavy task running. A quick look at the Event Viewer showed me that the computer rebooted at 3:30 AM. Right before that, I saw the Windows Update Agent, priding himself on having finished downloading updates and being ready to install them.

Since this had already happened to me a long time ago, I knew exactly what happened - my server is (sorry - it WAS) configured to run the updates automatically, and some of the updates required rebooting the computer. So Mister Windows Update decided, without asking my opinion, to simply reboot and kill everything that's in its way. Mister Windows Update is so vain that He doesn't even need to let you know He did it - if you really must know, just figure it out implicitly from the Event Viewer.

BTW, when I said it happened to me a long time ago - it wasn't really to me. It happened at a customer (a very large investment bank): suddenly their server rebooted in the middle of the night, without prior notice. Since the server was dedicated to the application I was responsible for, I had to figure out what was going on remotely (I was in Tel Aviv, the server in London, and many security constraints in the middle). It took me much longer back then, since I had no clue what was going on, and like a polite developer, my first assumption was that something was really wrong with my software. It took several iterations, me feeling guilty and stupid not to know how badly my own software can behave, until I found the real culprit.

Why can't we configure things like this (each, of course, should have many possibilities):

Reboot only for high-risk security updates

Announce the reboot X time in advance, both on the machine and by mail/SMS/whatever